VECT 2.0 is ransomware intended to hold files for ransom, but a coding error makes it destroy them instead. Released in 2025 via a Russian cybercrime forum, it contains a flaw that deletes files over 128 kilobytes rather than encrypting them. Critical files, such as databases and documents, are being permanently erased. When the ransomware scrambles a file, it saves the codes needed to decrypt it later. For larger files, however, it generates four codes but overwrites them, leaving only one. As a result, the files remain inaccessible, even to the attackers. Besides this major flaw, the ransomware has other defects: advertised features that don’t work, unused security tools, and an obfuscation technique that cancels itself out. Despite these issues, VECT 2.0 proliferated via BreachForums, giving hackers easy access to this faulty, yet damaging, tool.
